Web Services over HTTPS

Documentation home

 

Introduction. 1

Certificates 1

Certificate Authority (CA) 1

Importing Certificates 2

 

 

Introduction

 

If the web service uses an HTTPS connection, then this will communicate using SSL. SSL, or Secure Socket Layer, is a technology which allows the web service client and remote web service server to communicate over a secured connection. The data is encrypted before being transmitted and decrypted when the data is received before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data. A certificate is required for SSL communication.

 

Certificates

A public key certificate (known just as a certificate) is a digitally-signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. One of the main benefits of certificates is that passwords are not needed for individual clients who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer.

 

Most certificates used are based on the X.509v3 certificate standard.

 

Certificates contain the following information:

 

 

 

Certificate Authority (CA)

A Certificate Authority (CA) is an organization that issues certificates to other organizations that wish to prove their identity. The CA asks the certificate requester to provide information about itself and the CA gives back a certificate in return. The returned certificate is chained to the root certificate, establishing a chain of trust. In this way someone dealing with a company identifying itself through a certificate issued by a certain CA doesn't have to trust every company, but it is sufficient to trust the root CA.

 

Java (J2SE) recognises the common root certificates Verisign, Twarte etc...; these are stored in the JRE's lib/security/cacerts truststore. But sometimes the certificate is not recognised and the certificate must be imported into a Java keystore.

 

 

Importing Certificates

If the web service provider is using a self-signed certificate or one signed by an in-house CA, it must be imported and saved in the keystore of the client Java system. A keystore is a file that contains all the trusted certificates available for HTTPS communication between Verj.io and the remote web service server. Certificates can be imported into the keystore using java’s keytool utility. The keytool is part of the standard Java Development Kit (JDK) shipment and can be found in the $JDK_HOME/bin directory. If the certificate has not been imported, a call to the web service may throw an exception such as: "ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". 

 

If the certificate has been signed by one of the recognised CAs, the certificate does not normally need to be imported.

 

Follow the instructions below to import a certificate. This example uses Internet Explorer 9 to obtain the certificate, but other browsers or equivalent tools can also be used.

 

If you already have the Certificate .cer file then proceed to step 9.

 

  1. Open up a browser, open the target URL and click the secure icon (padlock).

 

 

  1. Click on the view certificates.

 

 

  1. Select the Certification Path tab on the open dialog, select the root certificate and click on the View Certificate button.

 

 

  1. Select the Details tab on the new certificate dialog which shows the details of the root certificate. Click the Copy to File button.

 

 

  1. Click the Next button on the Certificate Export Wizard.

 

 

  1. Choose Base 64 encoded X.509 (.cer). Click the Next button.

 

 

  1. Enter the filename and the path to store the certificate. Click the Next button.

 

 

  1. Click the Finish button.

 

 

 

Import the certificate into the Java key store

 

  1. Import the certificate into the studio and/or server

 

Import a certificate into the studio

Import a certificate into the server